diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py
index f6873b226..f16efc18f 100644
--- a/src/registrar/config/settings.py
+++ b/src/registrar/config/settings.py
@@ -285,7 +285,7 @@ SERVER_EMAIL = "root@get.gov"
 # Content-Security-Policy configuration
 # this can be restrictive because we have few external scripts
-allowed_sources = ("'self'",)
+allowed_sources = ("'self'", "https://idp.int.identitysandbox.gov", "https://idp.int.identitysandbox.gov/openid_connect/logout")
 CSP_DEFAULT_SRC = allowed_sources
 # Most things fall back to default-src, but these two do not and should be
 # explicitly set
diff --git a/src/registrar/config/urls.py b/src/registrar/config/urls.py
index c21d0206c..6159b387b 100644
--- a/src/registrar/config/urls.py
+++ b/src/registrar/config/urls.py
@@ -45,6 +45,10 @@ for step, view in [
 urlpatterns = [
 path("", views.index, name="home"),
+ path(
+ "admin/logout/",
+ RedirectView.as_view(url="/openid/logout", permanent=False),
+ ),
 path("admin/", admin.site.urls),
 path(
 "application//edit/",
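Review bot: In settings.py the widened `allowed_sources` tuple is assigned to `CSP_DEFAULT_SRC`, so the identity-provider origin becomes an allowed source for every fetch directive that falls back to default-src (scripts, styles, frames, connections), not only for the logout flow. The second entry is redundant, because the bare origin `https://idp.int.identitysandbox.gov` already matches every path on that host. If the aim is to let the logout form or redirect reach the IdP, that is presumably governed by one of the directives the trailing comment says do not fall back to default-src; I would keep `allowed_sources = ("'self'",)` and add the IdP origin only to that directive (those lines are outside the hunk, so confirm which one applies). The sandbox hostname is also hard-coded here, so it would be safer to derive it from deployment configuration so that a production build does not trust the integration IdP.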
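Review bot: In urls.py the new `admin/logout/` route shadows the admin site's own logout view, so ending the local session now depends entirely on whatever handles `/openid/logout`, which is not visible in this hunk; confirm that view clears the Django session before handing off to the identity provider. `RedirectView` also answers a POST with a redirect that browsers typically follow as a GET, so check that the target does not rely on the admin's CSRF-protected POST to stop a third-party page from forcing a logout. A comment such as `# Must precede "admin/" so admin logout goes through the OIDC logout flow` would explain the ordering, and `pattern_name=` with the named logout route would avoid the hard-coded path if that route has a name. The `urlpatterns` list continues outside the hunk.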